Add overflow check to calloc in doListFontsAndAliases

Open BrightCat14 opened this issue 6 months ago • 3 comments

Fixes the following compiler warning:

../dix/dixfonts.c: In function ‘doListFontsAndAliases’:
../dix/dixfonts.c:748:25: warning: argument 2 range [2147483648, 4294967295] exceeds maximum object size 2147483647 [-Walloc-size-larger-than=]
  748 | char *bufferStart = calloc(1, rep.length << 2);

This could lead to undefined behavior or crash due to integer overflow in the calloc size calculation.

This is my first PR — happy to make changes if needed!

BrightCat14 avatar Aug 06 '25 17:08 BrightCat14
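The size calculation flagged above, as an added example that is not the PR's patch or xserver code: it assumes a 32-bit unsigned count of 4-byte units (as the range in the warning suggests) and shows how the shift wraps to a small value, next to a checked allocation. The function names and the `MAX_REPLY_BYTES` cap are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical upper bound on a reply payload in bytes (assumption). */
#define MAX_REPLY_BYTES ((size_t)16 * 1024 * 1024)

/* Unchecked pattern: the shift is evaluated in 32 bits, so the top two
 * bits of the word count are dropped and the byte count wraps. */
static uint32_t unchecked_bytes(uint32_t length_words)
{
    return length_words << 2;
}

/* Checked conversion: 0 on success with *out_bytes set, -1 if the word
 * count would produce a byte count above the cap. */
static int checked_bytes(uint32_t length_words, size_t *out_bytes)
{
    if (length_words > MAX_REPLY_BYTES / 4)
        return -1;
    *out_bytes = (size_t)length_words * 4;
    return 0;
}

/* Zeroed buffer for length_words 4-byte units, or NULL on a bad length. */
static void *alloc_reply_buffer(uint32_t length_words, size_t *out_bytes)
{
    size_t bytes;

    if (checked_bytes(length_words, &bytes) != 0)
        return NULL;
    *out_bytes = bytes;
    /* calloc(count, size) checks count * size for overflow itself;
     * allocate at least one unit so a zero length still yields a pointer. */
    return calloc(length_words ? length_words : 1, 4);
}

int main(void)
{
    uint32_t words = 0x40000001u;   /* constructed sample value */
    size_t n = 0;
    void *p = alloc_reply_buffer(words, &n);

    printf("unchecked: %u words -> %u bytes\n", words, unchecked_bytes(words));
    printf("checked:   %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

With the unchecked form, later code that still trusts the original word count writes far past the few bytes actually allocated, which is why the check belongs before the allocation.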

@BrightCat14 thanks for your submission.

This particular function suffers from some more architectural problems: we shouldn't read from reply structs at all, just declare/assign them in one shot right before writing them out. That's important for upcoming/ongoing protocol marshaling refactoring. See e.g. branch: wip/swapping_new.

metux avatar Aug 07 '25 09:08 metux

@BrightCat14 ping needs rebase

metux avatar Sep 26 '25 15:09 metux

@BrightCat14 needs rebase

metux avatar Nov 26 '25 16:11 metux